unchained/manoon-headless
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
044aefae949d8dea7dfd3bd118e08a856d8ae8ee
manoon-headless/scripts/gsc-monitoring/README.md
Unchained 36915a3f75
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
feat: add OAuth 2.0 support for GSC monitoring 
- Updated monitor.py to support both OAuth and Service Account
- Created setup-oauth-local.py for easy local authorization
- Created cronjob-oauth.yaml for OAuth-based deployment
- Updated README with both authentication options
- OAuth is now the recommended method (no key file needed)
2026-03-30 17:56:49 +02:00

262 lines
7.1 KiB
Markdown
Raw Blame History

# Google Search Console Monitoring Setup Guide
## Overview
This setup creates an automated monitoring system for Google Search Console that runs daily and generates reports.
## Prerequisites
1. Google Cloud account
2. Access to Google Search Console for manoonoils.com
3. kubectl access to your Kubernetes cluster
## Authentication Methods
Choose one of the following authentication methods:
### Option A: OAuth 2.0 (Recommended - No Service Account Key)
This is the **easiest method** if you can't create service account keys.
#### Step 1: Enable Search Console API
1. Go to https://console.cloud.google.com
2. Create/select project: `manoonoils-monitoring`
3. Go to **APIs & Services → Library**
4. Search: "Google Search Console API"
5. Click: **Enable**
#### Step 2: Create OAuth Credentials
1. Go to **APIs & Services → Credentials**
2. Click: **Create Credentials → OAuth client ID**
3. Click: **Configure Consent Screen**
4. User Type: **External**
5. Fill in:
- App name: `ManoonOils GSC Monitor`
- User support email: your email
- Developer contact: your email
6. Click: **Save and Continue** (3 times)
7. Click: **Back to Dashboard**
8. Back on Credentials page
9. Click: **Create Credentials → OAuth client ID**
10. Application type: **Desktop app**
11. Name: `GSC Desktop Client`
12. Click: **Create**
13. Click: **DOWNLOAD JSON**
#### Step 3: Run Local Authorization
On your local machine (laptop):
```bash
# Go to the monitoring directory
cd scripts/gsc-monitoring
# Install dependencies
pip3 install google-auth google-auth-oauthlib google-auth-httplib2 google-api-python-client
# Run the OAuth setup
python3 setup-oauth-local.py
```
This will:
- Open a browser for you to authorize the app
- Generate a `gsc-oauth-credentials.json` file
- The refresh token never expires!
#### Step 4: Deploy to Kubernetes
```bash
# Copy the credentials to server
scp gsc-oauth-credentials.json doorwaysftw:/tmp/
# Create the secret
ssh doorwaysftw "kubectl create secret generic gsc-oauth-credentials \
--namespace=manoonoils \
--from-file=oauth-credentials.json=/tmp/gsc-oauth-credentials.json"
# Deploy the monitoring
ssh doorwaysftw "kubectl apply -f -" < cronjob-oauth.yaml
# Verify
ssh doorwaysftw "kubectl get cronjob gsc-monitoring-oauth -n manoonoils"
```
---
### Option B: Service Account (Requires Key Creation)
**Note:** This only works if you can create service account keys in Google Cloud.
## Setup Steps
### Step 1: Create Google Cloud Project
1. Go to https://console.cloud.google.com
2. Click "Create Project" (or select existing)
3. Name it: `manoonoils-monitoring`
4. Note the Project ID
### Step 2: Enable Search Console API
1. In your project, go to "APIs & Services" → "Library"
2. Search for "Google Search Console API"
3. Click "Enable"
### Step 3: Create Service Account
1. Go to "IAM & Admin" → "Service Accounts"
2. Click "Create Service Account"
3. Name: `gsc-monitor`
4. Description: `Monitoring service for Google Search Console`
5. Click "Create and Continue"
6. Role: Select "Search Console Viewer" (or "Owner" if not available)
7. Click "Done"
### Step 4: Create and Download Key
1. Click on the service account you just created
2. Go to "Keys" tab
3. Click "Add Key" → "Create New Key"
4. Select "JSON" format
5. Click "Create" - this downloads the key file
6. **SAVE THIS FILE SECURELY** - you cannot download it again!
### Step 5: Add Service Account to Search Console
1. Go to https://search.google.com/search-console
2. Select your property: `manoonoils.com`
3. Click "Settings" (gear icon) → "Users and Permissions"
4. Click "Add User"
5. Enter the service account email (from the JSON key file, looks like: `gsc-monitor@manoonoils-monitoring.iam.gserviceaccount.com`)
6. Permission level: "Full"
7. Click "Add"
### Step 6: Store Credentials in Kubernetes
On your server (doorwaysftw), run:
```bash
# Copy the JSON key file to the server
scp /path/to/service-account-key.json doorwaysftw:/tmp/
# Create the secret in Kubernetes
ssh doorwaysftw "kubectl create secret generic gsc-service-account \
--namespace=manoonoils \
--from-file=service-account.json=/tmp/service-account-key.json"
# Verify the secret was created
ssh doorwaysftw "kubectl get secret gsc-service-account -n manoonoils"
```
### Step 7: Build and Deploy
```bash
# Build the Docker image
cd scripts/gsc-monitoring
docker build -t gcr.io/manoonoils/gsc-monitoring:latest .
# Push to registry (or use local registry)
docker push gcr.io/manoonoils/gsc-monitoring:latest
# Deploy to Kubernetes
kubectl apply -f cronjob.yaml
# Verify it's running
kubectl get cronjob gsc-monitoring -n manoonoils
```
### Step 8: Test Manually
```bash
# Run a manual test
kubectl create job --from=cronjob/gsc-monitoring gsc-test -n manoonoils
# Check the logs
kubectl logs job/gsc-test -n manoonoils
# Delete the test job when done
kubectl delete job gsc-test -n manoonoils
```
## What It Monitors
### Daily Reports Include:
1. **Search Analytics** (Last 7 Days)
- Total clicks and impressions
- Average CTR and position
- Top 5 search queries
2. **Crawl Errors**
- Number of errors by type
- Platform-specific issues
3. **Sitemap Status**
- Sitemap processing status
- Warnings and errors
## Viewing Reports
Reports are saved to `/var/log/gsc-monitoring/` in the pod and can be accessed:
```bash
# Get pod name
POD=$(kubectl get pods -n manoonoils -l job-name=gsc-monitoring -o name | head -1)
# View latest report
kubectl exec $POD -n manoonoils -- cat /var/log/gsc-monitoring/$(kubectl exec $POD -n manoonoils -- ls -t /var/log/gsc-monitoring/ | head -1)
```
Or set up log aggregation with your preferred tool.
## Schedule
The monitoring runs daily at **9:00 AM UTC**. To change:
```bash
# Edit the cronjob
kubectl edit cronjob gsc-monitoring -n manoonoils
# Change the schedule field (cron format)
# Examples:
# "0 */6 * * *" # Every 6 hours
# "0 0 * * 0" # Weekly on Sunday
```
## Troubleshooting
### "Service account key file not found"
- Verify the secret was created: `kubectl get secret gsc-service-account -n manoonoils`
- Check the key is mounted: `kubectl exec deploy/gsc-monitoring -n manoonoils -- ls -la /etc/gsc-monitoring/`
### "User does not have permission"
- Verify the service account email was added to GSC with "Full" permissions
- Wait 5-10 minutes for permissions to propagate
### "Site not found"
- Verify the SITE_URL in `monitor.py` matches exactly (with trailing slash)
- Check: https://search.google.com/search-console
## Security Notes
- The service account JSON key is stored as a Kubernetes Secret
- The key has read-only access to Search Console data
- Rotate the key every 90 days for security
- Never commit the key file to git
## Updating the Monitor
To update the monitoring script:
1. Edit `monitor.py`
2. Rebuild the Docker image
3. Push to registry
4. Delete and recreate the CronJob:
```bash
kubectl delete cronjob gsc-monitoring -n manoonoils
kubectl apply -f cronjob.yaml
```
## Support
For issues or feature requests, check:
- Google Search Console API docs: https://developers.google.com/webmaster-tools/search-console-api-original/v3
- Google Cloud IAM docs: https://cloud.google.com/iam/docs
Reference in New Issue View Git Blame Copy Permalink